<disk/pack>

The disk/pack option controls the location of the control file. In the absence of any specification, the control file is assigned to disk. When DISKPACK or PACK is stipulated, but no family name appears, the control file is assigned to a system resource pack. When a family name follows DISKPACK or PACK, the control file is placed on the specified pack family. The control file can also be assigned to a named pack by using the PACKNAME or FAMILYNAME option with KIND = DISKPACK or KIND = PACK. The PACKNAME and FAMILYNAME options are synonymous.

<usercode specification>

The usercode specification gives the usercode under which the control file, the data files, and the audit files of the database are stored. If the control file is stored under a usercode, SYSTEM/DMCONTROL must be run under the same usercode or a privileged usercode to initialize or update the control file. If a database stored under one usercode (for example, UC1) is to be accessed from another usercode (for example, UC2), the DASDL input should specify CONTROL FILE(USERCODE = UC1);. This enables the Enterprise Database Server software to locate the control file when the software is running under a usercode other than the usercode under which the database is stored.

The usercode cannot contain a hyphen (-) or an underscore (_).

<doc admin specification>

The doc admin specification identifies a usercode that is defined as the owner of the database. The usercode controls administrative access (called Database Operations Center role-based access control) to the database from Database Operations Center to prevent unintended or accidental access by any user for a given Database Operations Center-supported function.

The doc admin specification is optional. If specified, Database Operations Center role-based access control allows the owner of the database to define a role that allows certain pre-defined permissions of Database Operations Center task groups. After defining such roles, the owner can assign roles to each usercode.

Refer to the “DMCONTROL Statement” in the Utilities Operations Guide for complete instructions.

<data path specification>

The data path specification identifies the permanent directory that is to contain the following database components: control file, data files, and tailored software. The specification must include the *DIR node of the permanent directory.

Note that when you use the data path specification, the usercode is ignored.

The highest level node (*DIR) of the permanent directory named by the data path specification must be created by a privileged user through the WFL MKDIR command. The ALTER command can then be used to set the various access permissions.

In order for anyone other than the owner to access subdirectories and files within the permanent directory namespace, both the PROPAGATESECURITYTODIRS and PROPAGATESECURITYOFILES file attributes must be set to PROPAGATE.

The access rights for the OWNER, GROUP, and ALTERNATEGROUPS file attributes are specified through the control settings R (Read), W (Write), and X (eXecute/Traverse). When setting the access rights for permanent directories, the traverse permission means that the user or program can traverse through the permanent directory and access files and subdirectories contained within it.

Depending on the access permission set for the *DIR node, a privileged usercode might be required to create the directory nodes beneath it. If a program, such as SYSTEM/DMCONTROL or SYSTEM/DMUTILITY, creates a file and is run from a privileged usercode, any missing permanent directory nodes subordinate to the *DIR node are created automatically. If the programs are run from a nonprivileged usercode, all necessary permanent directory nodes must already exist in order for the program to create the file. Regardless of how the permanent directory nodes are created, the user must set the access permissions.

The RUNTIMEUC specification is optional and, if used, must follow the DBPATH permanent directory specification. If the USERCODE option is specified along with the data path specification, the USERCODE option is ignored.

<data path specification> (cont.)

The database stack always runs under the owner of the control file. If RUNTIMEUC is specified in DASDL, then SYSTEM/DMCONTROL sets the control file owner attribute to the RUNTIMEUC when SYSTEM/DMCONTROL runs with the INITIALIZE or UPDATE option. SYSTEM/DMCONTROL must be run by a privileged user or under a usercode authorized to create the control file. No usercode (*) is not allowed as the RUNTIMEUC specification.

The disk/pack option is required when using the data path specification.

Refer to the Security Operations Guide for additional information.

SECURITYGUARD

The SECURITYGUARD option sets the SECURITYGUARD file attribute to the name and location of the guard file that controls direct access to the database files by programs other than the Accessroutines. Standard system security rules prevail. The following conditions are some of the causes of security errors:

VSS3OPTIMIZE

VSS3OPTIMIZE supports MCP 4096-byte physical sector disks.

The VSS3OPTIMIZE option, when set to TRUE, aligns the control file on block boundaries that are multiples of 660 words.

For an existing audited database, setting VSS3OPTIMIZE to TRUE causes the generation of a new control file that is optimized for VSS-3.

For an existing audited database with the VSS3OPTIMIZE set to TRUE, resetting the option to FALSE causes the generation of a new control file that is not optimized for VSS-3.